NIST Hardware-based Root of Trust a Win for Mobile Security
In October, the U.S. National Institute of Standards and Technology (NIST) issued the Special Publication 800-164 draft, for comment, focused on how to better secure mobile devices. The report noted the growing use of increasingly powerful mobile devices in the workplace with many of those brought by workers, in the trend known as BYOD.
Among other findings, the report notes:
“Many mobile devices are not capable of providing strong security assurances to end users and organizations. Current mobile devices lack the hardware-based roots of trust that are increasingly built into laptops and other types of hosts.”
NIST’s report goes on to say, “Hardware RoTs are preferred over software RoTs due to their immutability, smaller attack surface, and more reliable behavior.” Specifically, NIST recommends:
NIST also says devices should implement device integrity, isolation and protected storage.
What does this mean from TCG's perspective? TCG commends NIST for its work and recommendations. TCG has long advocated the hardware-based root of trust for security, and has been working for some time to enable that in mobile devices, in addition to the widespread deployment of some 500+ million TPMs used in PCs, servers and other systems.
TCG's release on the NIST report can be seen here.
Categories: Data Protection, Network Security, News & Events